Details of VAR-202504-1580

ID

VAR-202504-1580

CVE

CVE-2025-2492

TITLE

plural ASUSTeK COMPUTER Command injection vulnerability in routers manufactured by

Trust: 0.8

sources: JVNDB: JVNDB-2026-000010

DESCRIPTION

An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information. An arbitrary command may be executed on the affected product with administrator privileges. ‌AiCloud is a cloud service launched by ASUS, which aims to provide easy access to data in devices connected to the router, such as USB or PC, and provides functions such as uploading, downloading, online music playback, online document browsing, sharing links to Facebook, and setting Smart Sync cloud synchronization

Trust: 2.16

sources: NVD: CVE-2025-2492 // JVNDB: JVNDB-2026-000010 // CNVD: CNVD-2025-07884

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-07884

AFFECTED PRODUCTS

vendor:	asustek computer	model:	3.0.0.4 382 シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	3.0.0.4 386 シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	3.0.0.4 388 シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	3.0.0.6 102 シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	asus	model:	aicloud 3.0.0.4 382 series	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	aicloud 3.0.0.4 386 series	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	aicloud 3.0.0.4 388 series	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	aicloud 3.0.0.6 102 series	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-07884 // JVNDB: JVNDB-2026-000010

CVSS

SEVERITY

CVSSV2

CVSSV3

54bf65a7-a193-42d2-b1ba-8e150d3c35e1:	CVE-2025-2492
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2025-07884
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-07884
severity:	HIGH
baseScore:	9.7
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	9.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2025-07884 // NVD: CVE-2025-2492

PROBLEMTYPE DATA

problemtype:	CWE-288	Trust: 1.0
problemtype:	others (CWE-Other) [IPA evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-000010 // NVD: CVE-2025-2492

PATCH

title:	ASUS Security Advisory	url:	https://www.asus.com/security-advisory/	Trust: 0.8
title:	Patch for ASUS AiCloud Improper Authentication Control Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/682236	Trust: 0.6

sources: CNVD: CNVD-2025-07884 // JVNDB: JVNDB-2026-000010

EXTERNAL IDS

db:	NVD	id:	CVE-2025-2492	Trust: 2.4
db:	JVN	id:	JVN67560152	Trust: 0.8
db:	JVNDB	id:	JVNDB-2026-000010	Trust: 0.8
db:	CNVD	id:	CNVD-2025-07884	Trust: 0.6

sources: CNVD: CNVD-2025-07884 // JVNDB: JVNDB-2026-000010 // NVD: CVE-2025-2492

REFERENCES

url:	https://www.asus.com/content/asus-product-security-advisory/	Trust: 1.0
url:	https://jvn.jp/jp/jvn67560152/index.html	Trust: 0.8

sources: JVNDB: JVNDB-2026-000010 // NVD: CVE-2025-2492

SOURCES

db:	CNVD	id:	CNVD-2025-07884
db:	JVNDB	id:	JVNDB-2026-000010
db:	NVD	id:	CVE-2025-2492

LAST UPDATE DATE

2026-01-24T23:43:37.042000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-07884	date:	2025-04-21T00:00:00
db:	JVNDB	id:	JVNDB-2026-000010	date:	2026-01-23T03:07:00
db:	NVD	id:	CVE-2025-2492	date:	2025-04-21T14:23:45.950

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-07884	date:	2025-04-21T00:00:00
db:	JVNDB	id:	JVNDB-2026-000010	date:	2026-01-23T00:00:00
db:	NVD	id:	CVE-2025-2492	date:	2025-04-18T09:15:13.823